WP Hide & Security Enhancer - Version 1.5.6.7

Version Description

  • Allow internal cron jobs to run even if wp-cron.php is blocked.
  • Check with wp_filesystem for any errors and output the messages, before attempt to write any content
  • Trigger site cache clear on settings changed or code update
  • Slight css updates
  • Mark block option in red text for better visibility and user awareness
Download this release

Release Info

Developer nsp-code
Plugin Icon 128x128 WP Hide & Security Enhancer
Version 1.5.6.7
Comparing to
See all releases

Code changes from version 1.5.6.3 to 1.5.6.7

Files changed (16) hide show
  1. compatibility/shortpixel-adaptive-images.php +3 -0
  2. css/wph.css +1 -1
  3. include/functions.class.php +49 -2
  4. include/update.class.php +10 -21
  5. include/wph.class.php +81 -38
  6. modules/components/admin-admin_url.php +1 -1
  7. modules/components/admin-new_wp_login_php.php +2 -2
  8. modules/components/general-html.php +2 -1
  9. modules/components/rewrite-new_include_path.php +1 -1
  10. modules/components/rewrite-new_plugin_path.php +1 -1
  11. modules/components/rewrite-new_upload_path.php +1 -1
  12. modules/components/rewrite-root-files.php +56 -2
  13. modules/components/rewrite-wp_content_path.php +1 -1
  14. readme.txt +12 -1
  15. router/environment.php +1 -1
  16. wp-hide.php +1 -1
compatibility/shortpixel-adaptive-images.php CHANGED
@@ -11,6 +11,9 @@
11
 
12
  static function init()
13
  {
 
 
 
14
  add_action('wp_calculate_image_srcset', array( 'WPH_conflict_shortpixel_ai', 'wp_calculate_image_srcset') , -1, 5);
15
 
16
  add_action( 'init', array( 'WPH_conflict_shortpixel_ai', 'init_ob'), 2 );
11
 
12
  static function init()
13
  {
14
+ if( ! self::is_plugin_active())
15
+ return FALSE;
16
+
17
  add_action('wp_calculate_image_srcset', array( 'WPH_conflict_shortpixel_ai', 'wp_calculate_image_srcset') , -1, 5);
18
 
19
  add_action( 'init', array( 'WPH_conflict_shortpixel_ai', 'init_ob'), 2 );
css/wph.css CHANGED
@@ -42,7 +42,7 @@ table.wph_input tbody tr td.label .description .important {color: #d54e21}
42
  table.wph_input tbody tr td.label .description .dashicons, table.wph_input tbody tr td.label .description span {display: inline-block}
43
  table.wph_input tbody tr td.label .description span {padding-left: 5px; line-height: 18px;}
44
  table.wph_input tbody tr td.label .description span a {display: block}
45
- table.wph_input tbody tr td.label .description span.important {color: #444}
46
  table.wph_input tbody tr td.label .description span.info {padding-left: 0px; color:#d54e21; font-style: italic;}
47
  table.wph_input tbody tr td.label .description .pointer {cursor:pointer}
48
  table.wph_input tbody tr td.label .description .notice-success, table.wph_input tbody tr td.label .description .notice-error {padding: 10px 12px; background-color: #fff;}
42
  table.wph_input tbody tr td.label .description .dashicons, table.wph_input tbody tr td.label .description span {display: inline-block}
43
  table.wph_input tbody tr td.label .description span {padding-left: 5px; line-height: 18px;}
44
  table.wph_input tbody tr td.label .description span a {display: block}
45
+ table.wph_input tbody tr td.label .description span.important {color: #d54e21; padding-left: 0px }
46
  table.wph_input tbody tr td.label .description span.info {padding-left: 0px; color:#d54e21; font-style: italic;}
47
  table.wph_input tbody tr td.label .description .pointer {cursor:pointer}
48
  table.wph_input tbody tr td.label .description .notice-success, table.wph_input tbody tr td.label .description .notice-error {padding: 10px 12px; background-color: #fff;}
include/functions.class.php CHANGED
@@ -1438,9 +1438,16 @@
1438
  }
1439
 
1440
  //check for url encoded urls
1441
- foreach($_relative_domain_url_replacements_dq as $old_url => $new_url)
1442
  {
1443
- $text = str_ireplace( trim( json_encode( trim( $old_url, '"')), '"' ) , trim( json_encode( trim ( $new_url, '"')), '"' ) ,$text );
 
 
 
 
 
 
 
1444
  $text = str_ireplace( trim( urlencode(trim( $old_url, '"')), '"' ) , trim( urlencode(trim ( $new_url, '"')), '"' ) ,$text );
1445
  }
1446
 
@@ -2452,6 +2459,46 @@
2452
  }
2453
 
2454
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2455
  /**
2456
  * Recursivelly remove all fodlers and files within a directory
2457
  *
1438
  }
1439
 
1440
  //check for url encoded urls
1441
+ foreach( $_relative_domain_url_replacements_dq as $old_url => $new_url )
1442
  {
1443
+ /*
1444
+ * JSON always use double quotes
1445
+ * use double quote type at the start of the string (per json encodync) to avoid replacing for non-local domains
1446
+ * e.g. "collectionThumbnail":"https:\/\/wp.envatoextensions.com\/kit-57\/wp-content\/uploads\/sites\/60\/2018\/08\/screenshot-20-1540279812-300x997.jpg"
1447
+ */
1448
+ //$text = str_ireplace( "'" . trim( json_encode( trim( $old_url, '"')), '"' ) , "'" . trim( json_encode( trim ( $new_url, '"')), '"' ) ,$text );
1449
+ $text = str_ireplace( '"' . trim( json_encode( trim( $old_url, '"')), '"' ) , '"' . trim( json_encode( trim ( $new_url, '"')), '"' ) ,$text );
1450
+
1451
  $text = str_ireplace( trim( urlencode(trim( $old_url, '"')), '"' ) , trim( urlencode(trim ( $new_url, '"')), '"' ) ,$text );
1452
  }
1453
 
2459
  }
2460
 
2461
 
2462
+
2463
+ /**
2464
+ * Clear any cache plugins
2465
+ *
2466
+ */
2467
+ function site_cache_clear()
2468
+ {
2469
+ if (function_exists('wp_cache_clear_cache'))
2470
+ wp_cache_clear_cache();
2471
+
2472
+ if (function_exists('w3tc_flush_all'))
2473
+ w3tc_flush_all();
2474
+
2475
+ if (function_exists('opcache_reset'))
2476
+ opcache_reset();
2477
+
2478
+ if ( function_exists( 'rocket_clean_domain' ) )
2479
+ rocket_clean_domain();
2480
+
2481
+ global $wp_fastest_cache;
2482
+ if ( method_exists( 'WpFastestCache', 'deleteCache' ) && !empty( $wp_fastest_cache ) )
2483
+ $wp_fastest_cache->deleteCache();
2484
+
2485
+ //If your host has installed APC cache this plugin allows you to clear the cache from within WordPress
2486
+ if (function_exists('apc_clear_cache'))
2487
+ apc_clear_cache();
2488
+
2489
+ //WPEngine
2490
+ if ( class_exists( 'WpeCommon' ) )
2491
+ {
2492
+ if ( method_exists( 'WpeCommon', 'purge_memcached' ) )
2493
+ WpeCommon::purge_memcached();
2494
+ if ( method_exists( 'WpeCommon', 'clear_maxcdn_cache' ) )
2495
+ WpeCommon::clear_maxcdn_cache();
2496
+ if ( method_exists( 'WpeCommon', 'purge_varnish_cache' ) )
2497
+ WpeCommon::purge_varnish_cache();
2498
+ }
2499
+ }
2500
+
2501
+
2502
  /**
2503
  * Recursivelly remove all fodlers and files within a directory
2504
  *
include/update.class.php CHANGED
@@ -213,6 +213,13 @@
213
  WPH_functions::copy_mu_loader( TRUE );
214
 
215
  $version = '1.4.8.3';
 
 
 
 
 
 
 
216
  }
217
 
218
 
@@ -230,12 +237,12 @@
230
 
231
 
232
  //Always generate the environment file
233
- $this->wph->set_static_environment_file();
234
 
235
 
236
  //save the last code version
237
  $this->wph->settings['version'] = WPH_CORE_VERSION;
238
- $this->wph->functions->update_settings($this->wph->settings);
239
 
240
  }
241
 
@@ -257,25 +264,7 @@
257
 
258
  flush_rewrite_rules();
259
 
260
- //clear the cache for W3 Cache
261
- if (function_exists('w3tc_pgcache_flush'))
262
- w3tc_pgcache_flush();
263
-
264
- //recheck if permalinks where saved sucessfully and redirect
265
-
266
- /**
267
- * ToDo Possible not necesarely?
268
- * 1) Through AJAX, plugin update - it trigger the first update so flush_rules()
269
- * 2) Through regular plugin update, no new plugin files are being run
270
- */
271
- /*
272
- if( !defined( 'DOING_AJAX' ) && $this->wph->permalinks_not_applied === FALSE && $this->wph->functions->rewrite_rules_applied() === TRUE)
273
- {
274
- //reload the page
275
- wp_redirect($this->wph->functions->get_current_url());
276
- die();
277
- }
278
- */
279
  }
280
 
281
  }
213
  WPH_functions::copy_mu_loader( TRUE );
214
 
215
  $version = '1.4.8.3';
216
+ }
217
+
218
+ if(version_compare($version, '1.5.6.6', '<'))
219
+ {
220
+ $_trigger_flush_rules = TRUE;
221
+
222
+ $version = '1.5.6.6';
223
  }
224
 
225
 
237
 
238
 
239
  //Always generate the environment file
240
+ //$this->wph->set_static_environment_file();
241
 
242
 
243
  //save the last code version
244
  $this->wph->settings['version'] = WPH_CORE_VERSION;
245
+ //$this->wph->functions->update_settings($this->wph->settings);
246
 
247
  }
248
 
264
 
265
  flush_rewrite_rules();
266
 
267
+ $this->wph->functions->site_cache_clear();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
268
  }
269
 
270
  }
include/wph.class.php CHANGED
@@ -497,6 +497,58 @@
497
 
498
  }
499
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
500
  }
501
 
502
  /**
@@ -735,39 +787,7 @@
735
  //allow rewrite
736
  flush_rewrite_rules();
737
 
738
- /**
739
- * Clear any cache plugins
740
- */
741
- if (function_exists('wp_cache_clear_cache'))
742
- wp_cache_clear_cache();
743
-
744
- if (function_exists('w3tc_flush_all'))
745
- w3tc_flush_all();
746
-
747
- if (function_exists('opcache_reset'))
748
- opcache_reset();
749
-
750
- if ( function_exists( 'rocket_clean_domain' ) )
751
- rocket_clean_domain();
752
-
753
- global $wp_fastest_cache;
754
- if ( method_exists( 'WpFastestCache', 'deleteCache' ) && !empty( $wp_fastest_cache ) )
755
- $wp_fastest_cache->deleteCache();
756
-
757
- //If your host has installed APC cache this plugin allows you to clear the cache from within WordPress
758
- if (function_exists('apc_clear_cache'))
759
- apc_clear_cache();
760
-
761
- //WPEngine
762
- if ( class_exists( 'WpeCommon' ) )
763
- {
764
- if ( method_exists( 'WpeCommon', 'purge_memcached' ) )
765
- WpeCommon::purge_memcached();
766
- if ( method_exists( 'WpeCommon', 'clear_maxcdn_cache' ) )
767
- WpeCommon::clear_maxcdn_cache();
768
- if ( method_exists( 'WpeCommon', 'purge_varnish_cache' ) )
769
- WpeCommon::purge_varnish_cache();
770
- }
771
 
772
  }
773
 
@@ -825,7 +845,11 @@
825
 
826
  //if nothing has changed exit
827
  if ( $environment_variable == json_encode($_environment_variable) )
828
- return;
 
 
 
 
829
  }
830
 
831
  global $wp_filesystem;
@@ -846,11 +870,25 @@
846
 
847
  $file_data = ob_get_contents();
848
  ob_end_clean();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
849
 
850
- if( ! $wp_filesystem->put_contents( WPH_PATH . 'router/environment.php', $file_data , FS_CHMOD_FILE) )
851
  {
852
- $process_interface_save_errors = get_transient( 'wph-process_interface_save_errors' );
853
- delete_transient( 'wph-process_interface_save_errors' );
854
 
855
  $process_interface_save_errors[] = array( 'type' => 'error',
856
  'message' => __('Unable to create environment static file. Is ', 'wp-hide-security-enhancer') . WPH_PATH . 'router/ ' . __('writable', 'wp-hide-security-enhancer') . '? <b>Remove description header from Style file</b> and <b>Child - Remove description header from Style file</b> ' . __('will not work correctly, so where turned off.', 'wp-hide-security-enhancer')
@@ -866,7 +904,12 @@
866
  //regenerate permalinks
867
  $this->settings_changed();
868
 
869
- set_transient( 'wph-process_interface_save_errors', $process_interface_save_errors, HOUR_IN_SECONDS );
 
 
 
 
 
870
  }
871
 
872
 
497
 
498
  }
499
 
500
+
501
+ //output any other errors message
502
+ $process_errors = get_transient( 'wph-process_set_static_environment_errors' );
503
+ if ( is_array( $process_errors ) && count ( $process_errors ) > 0 )
504
+ {
505
+ $found_warnings = FALSE;
506
+ $found_errors = FALSE;
507
+
508
+ if( is_array($process_errors ) && count($process_errors ) > 0)
509
+ {
510
+ foreach ( $process_errors as $process_interface_save_error )
511
+ {
512
+ if($process_interface_save_error['type'] === 'warning')
513
+ $found_warnings = TRUE;
514
+
515
+ if($process_interface_save_error['type'] === 'error')
516
+ $found_errors = TRUE;
517
+ }
518
+
519
+ }
520
+
521
+ //display the warnings
522
+ if( $found_warnings === TRUE )
523
+ {
524
+ echo "<div class='notice notice-warning'><p>";
525
+ foreach ( $process_errors as $process_interface_save_error )
526
+ {
527
+ if($process_interface_save_error['type'] == 'warning')
528
+ {
529
+ echo $process_interface_save_error['message'] .'<br />';
530
+ }
531
+ }
532
+ echo "</p></div>";
533
+ }
534
+
535
+ //display the errors
536
+ if( $found_errors === TRUE )
537
+ {
538
+ echo "<div class='notice notice-error'><p>";
539
+ foreach ( $process_errors as $process_interface_save_error )
540
+ {
541
+ if($process_interface_save_error['type'] == 'error')
542
+ {
543
+ echo $process_interface_save_error['message'] .'<br />';
544
+ }
545
+ }
546
+ echo "</p></div>";
547
+ }
548
+
549
+
550
+ }
551
+
552
  }
553
 
554
  /**
787
  //allow rewrite
788
  flush_rewrite_rules();
789
 
790
+ $this->functions->site_cache_clear();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
791
 
792
  }
793
 
845
 
846
  //if nothing has changed exit
847
  if ( $environment_variable == json_encode($_environment_variable) )
848
+ {
849
+ //delete any error notice
850
+ delete_transient( 'wph-process_set_static_environment_errors' );
851
+ return;
852
+ }
853
  }
854
 
855
  global $wp_filesystem;
870
 
871
  $file_data = ob_get_contents();
872
  ob_end_clean();
873
+
874
+ $process_interface_save_errors = array();
875
+
876
+ if ( is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() )
877
+ {
878
+ delete_transient( 'wph-process_set_static_environment_errors' );
879
+
880
+ $process_interface_save_errors[] = array( 'type' => 'error',
881
+ 'message' => __('Unable to create environment static file. The system returned the following error: ', 'wp-hide-security-enhancer') . $wp_filesystem->errors->get_error_message()
882
+ );
883
+ set_transient( 'wph-process_set_static_environment_errors', $process_interface_save_errors, HOUR_IN_SECONDS );
884
+
885
+ return;
886
+ }
887
 
888
+ if ( ! $wp_filesystem->put_contents( WPH_PATH . 'router/environment.php', $file_data , FS_CHMOD_FILE) )
889
  {
890
+
891
+ delete_transient( 'wph-process_set_static_environment_errors' );
892
 
893
  $process_interface_save_errors[] = array( 'type' => 'error',
894
  'message' => __('Unable to create environment static file. Is ', 'wp-hide-security-enhancer') . WPH_PATH . 'router/ ' . __('writable', 'wp-hide-security-enhancer') . '? <b>Remove description header from Style file</b> and <b>Child - Remove description header from Style file</b> ' . __('will not work correctly, so where turned off.', 'wp-hide-security-enhancer')
904
  //regenerate permalinks
905
  $this->settings_changed();
906
 
907
+ set_transient( 'wph-process_set_static_environment_errors', $process_interface_save_errors, HOUR_IN_SECONDS );
908
+ }
909
+ else
910
+ {
911
+ //delete any error notice
912
+ delete_transient( 'wph-process_set_static_environment_errors' );
913
  }
914
 
915
 
modules/components/admin-admin_url.php CHANGED
@@ -29,7 +29,7 @@
29
  'id' => 'block_default_admin_url',
30
  'label' => __('Block default Admin Url', 'wp-hide-security-enhancer'),
31
  'description' => array(
32
- __('Block default admin url and files from being accesible.', 'wp-hide-security-enhancer')
33
  ),
34
  'input_type' => 'radio',
35
  'options' => array(
29
  'id' => 'block_default_admin_url',
30
  'label' => __('Block default Admin Url', 'wp-hide-security-enhancer'),
31
  'description' => array(
32
+ '<span class="important">'. __('Ensure the above option works correctly on your server before activate this.', 'wp-hide-security-enhancer') .'</span><br />' . __('Block default admin url and files from being accesible.', 'wp-hide-security-enhancer')
33
  ),
34
  'input_type' => 'radio',
35
  'options' => array(
modules/components/admin-new_wp_login_php.php CHANGED
@@ -17,7 +17,7 @@
17
  'description' => array(
18
  __('Map a new wp-login.php instead default. This also need to include <i>.php</i> extension.', 'wp-hide-security-enhancer') . '<br />'
19
  . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/documentation/admin-change-wp-login-php/" target="_blank">Link</a>',
20
- '<div class="notice-error"><div class="dashicons dashicons-warning important" alt="f534">'. __('warning', 'wp-hide-security-enhancer') .'</div> <span class="important">' . __('Make sure your log-in url is not already modified by another plugin or theme. In such case, you should disable other code and take advantage of these features. More details at ', 'wp-hide-security-enhancer') . '<a target="_blank" href="http://www.wp-hide.com/login-conflicts/">'. __('Login Conflicts', 'wp-hide-security-enhancer') .'</a></span></div>'
21
 
22
  ),
23
  'input_type' => 'text',
@@ -30,7 +30,7 @@
30
  $this->module_settings[] = array(
31
  'id' => 'block_default_wp_login_php',
32
  'label' => __('Block default wp-login.php', 'wp-hide-security-enhancer'),
33
- 'description' => __('Block default wp-login.php file from being accesible.', 'wp-hide-security-enhancer'),
34
 
35
  'input_type' => 'radio',
36
  'options' => array(
17
  'description' => array(
18
  __('Map a new wp-login.php instead default. This also need to include <i>.php</i> extension.', 'wp-hide-security-enhancer') . '<br />'
19
  . __('More details can be found at', 'wp-hide-security-enhancer') .' <a href="http://www.wp-hide.com/documentation/admin-change-wp-login-php/" target="_blank">Link</a>',
20
+ '<div class="notice-error"><span class="important"><span class="dashicons dashicons-warning important" alt="f534">'. __('warning', 'wp-hide-security-enhancer') .'</span> ' . __('Make sure your log-in url is not already modified by another plugin or theme. In such case, you should disable other code and take advantage of these features. More details at ', 'wp-hide-security-enhancer') . '<a target="_blank" href="http://www.wp-hide.com/login-conflicts/">'. __('Login Conflicts', 'wp-hide-security-enhancer') .'</a></span></div>'
21
 
22
  ),
23
  'input_type' => 'text',
30
  $this->module_settings[] = array(
31
  'id' => 'block_default_wp_login_php',
32
  'label' => __('Block default wp-login.php', 'wp-hide-security-enhancer'),
33
+ 'description' => '<span class="important">'. __('Ensure the above option works correctly on your server before activate this.', 'wp-hide-security-enhancer') .'</span><br />' . __('Block default wp-login.php file from being accesible.', 'wp-hide-security-enhancer'),
34
 
35
  'input_type' => 'radio',
36
  'options' => array(
modules/components/general-html.php CHANGED
@@ -153,7 +153,8 @@
153
  $buffer = preg_replace('/<!--(?!\s*(?:\[if [^\]]+]|<!|>))(?:(?!-->)(.|\n))*-->/sm', "" , $buffer);
154
 
155
  //replace any JavaScript comments
156
- //$buffer = preg_replace('/\/\*[\s\S]*?\*\/|([^:]|^)\/\/.*$/sm', "" , $buffer);
 
157
 
158
  //remove empty multiple new lines
159
  $buffer = preg_replace("/(\n){2,}/", "\n", $buffer);
153
  $buffer = preg_replace('/<!--(?!\s*(?:\[if [^\]]+]|<!|>))(?:(?!-->)(.|\n))*-->/sm', "" , $buffer);
154
 
155
  //replace any JavaScript comments
156
+ //$buffer = preg_replace('/(\s+)(\/\/)([a-zA-Z\s]+)(\s+)/sm', "" , $buffer);
157
+ //$buffer = preg_replace('/(\s+)(\/\*)([a-zA-Z\s\n]+)(\*\/)(\s+)/sm', "" , $buffer);
158
 
159
  //remove empty multiple new lines
160
  $buffer = preg_replace("/(\n){2,}/", "\n", $buffer);
modules/components/rewrite-new_include_path.php CHANGED
@@ -27,7 +27,7 @@
27
  $this->module_settings[] = array(
28
  'id' => 'block_wpinclude_url',
29
  'label' => __('Block wp-includes URL', 'wp-hide-security-enhancer'),
30
- 'description' => __('Block wp-includes files from being accesible through default urls. <br />Apply only if <b>New Includes Path</b> is not empty. It block only for non loged-in users.', 'wp-hide-security-enhancer'),
31
 
32
  'input_type' => 'radio',
33
  'options' => array(
27
  $this->module_settings[] = array(
28
  'id' => 'block_wpinclude_url',
29
  'label' => __('Block wp-includes URL', 'wp-hide-security-enhancer'),
30
+ 'description' => '<span class="important">'. __('Ensure the above option works correctly on your server before activate this.', 'wp-hide-security-enhancer') .'</span><br />'. __('Block wp-includes files from being accesible through default urls. <br />Apply only if <b>New Includes Path</b> is not empty. Blocks only for non loged-in users.', 'wp-hide-security-enhancer'),
31
 
32
  'input_type' => 'radio',
33
  'options' => array(
modules/components/rewrite-new_plugin_path.php CHANGED
@@ -28,7 +28,7 @@
28
  $this->module_settings[] = array(
29
  'id' => 'block_plugins_url',
30
  'label' => __('Block plugins URL', 'wp-hide-security-enhancer'),
31
- 'description' => __('Block plugins files from being accesible through default urls.', 'wp-hide-security-enhancer') . '<br />'.__('Apply only if ', 'wp-hide-security-enhancer') . '<b>New Plugin Path</b> ' . __('is not empty.', 'wp-hide-security-enhancer'),
32
 
33
  'input_type' => 'radio',
34
  'options' => array(
28
  $this->module_settings[] = array(
29
  'id' => 'block_plugins_url',
30
  'label' => __('Block plugins URL', 'wp-hide-security-enhancer'),
31
+ 'description' => '<span class="important">'. __('Ensure the above option works correctly on your server before activate this.', 'wp-hide-security-enhancer') .'</span><br />'. __('Block plugins files from being accesible through default urls.', 'wp-hide-security-enhancer') . '<br />'.__('Apply only if ', 'wp-hide-security-enhancer') . '<b>New Plugin Path</b> ' . __('is not empty.', 'wp-hide-security-enhancer'),
32
 
33
  'input_type' => 'radio',
34
  'options' => array(
modules/components/rewrite-new_upload_path.php CHANGED
@@ -28,7 +28,7 @@
28
  $this->module_settings[] = array(
29
  'id' => 'block_upload_url',
30
  'label' => __('Block default uploads URL', 'wp-hide-security-enhancer'),
31
- 'description' => __('Block default wp-content/uploads/ media folder from being accesible through default urls.', 'wp-hide-security-enhancer') . ' <br />'.__('If set to Yes, all new images inserted into posts will use the new Upload Url, as old url become blocked. Using the No, new images inserted will use old url, which however are being updated on front side. This may be helpful on plugin disable, so image urls can be accessible as before.', 'wp-hide-security-enhancer').'<br />'. __('Apply only if', 'wp-hide-security-enhancer') .' <b>New Upload Path</b> '.__('is not empty.', 'wp-hide-security-enhancer'),
32
 
33
  'input_type' => 'radio',
34
  'options' => array(
28
  $this->module_settings[] = array(
29
  'id' => 'block_upload_url',
30
  'label' => __('Block default uploads URL', 'wp-hide-security-enhancer'),
31
+ 'description' => '<span class="important">'. __('Ensure the above option works correctly on your server before activate this.', 'wp-hide-security-enhancer') .'</span><br />' . __('Block default wp-content/uploads/ media folder from being accesible through default urls.', 'wp-hide-security-enhancer') . ' <br />' . __('Apply only if', 'wp-hide-security-enhancer') .' <b>New Upload Path</b> '.__('is not empty.', 'wp-hide-security-enhancer'),
32
 
33
  'input_type' => 'radio',
34
  'options' => array(
modules/components/rewrite-root-files.php CHANGED
@@ -62,10 +62,21 @@
62
  'processing_order' => 55
63
  );
64
 
 
 
 
 
 
 
 
 
 
 
 
65
  $this->module_settings[] = array(
66
  'id' => 'block_wp_cron_php',
67
  'label' => __('Block wp-cron.php', 'wp-hide-security-enhancer'),
68
- 'description' => __('Block access to wp-cron.php file. If remote cron calls not being used this can be set to Yes.', 'wp-hide-security-enhancer'),
69
 
70
  'input_type' => 'radio',
71
  'options' => array(
@@ -246,19 +257,39 @@
246
 
247
  $text = '';
248
 
 
 
249
  if($this->wph->server_htaccess_config === TRUE)
250
  {
251
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
 
 
 
 
 
 
252
  $text .= "RewriteRule ^" . $rewrite_base ." ". $rewrite_to ."?wph-throw-404 [L]";
253
  }
254
 
255
  if($this->wph->server_web_config === TRUE)
 
256
  $text = '
257
  <rule name="wph-block_wp_cron_php" stopProcessing="true">
258
- <match url="^' . $rewrite_base . '" />
 
 
 
 
 
 
 
 
 
 
259
  <action type="Rewrite" url="'. $rewrite_to .'?wph-throw-404" />
260
  </rule>
261
  ';
 
262
 
263
  $processing_response['rewrite'] = $text;
264
 
@@ -379,5 +410,28 @@
379
 
380
  return $processing_response;
381
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
382
  }
383
  ?>
62
  'processing_order' => 55
63
  );
64
 
65
+ $local_ip = $this->domain_get_ip();
66
+ $option_description = __('Block access to wp-cron.php file. If remote cron calls not being used this can be set to Yes.', 'wp-hide-security-enhancer');
67
+ if ( $local_ip === FALSE )
68
+ {
69
+ $option_description .= '<br /><span class="important">' . __('Unable to identify site domain IP, blocking wp-cron.php will stop the site internal WordPress cron functionality.', 'wp-hide-security-enhancer') . '</span>';
70
+ }
71
+ else
72
+ {
73
+ $option_description .= '<br /><span class="important">' . __('Site domain rezolved to IP', 'wp-hide-security-enhancer') . ' ' . $local_ip . ' ' . __('If blocked, all internal calls to cron will continue to run fine. All calls from a different IP are blocked, including direct calls.', 'wp-hide-security-enhancer') . '</span>';
74
+ }
75
+
76
  $this->module_settings[] = array(
77
  'id' => 'block_wp_cron_php',
78
  'label' => __('Block wp-cron.php', 'wp-hide-security-enhancer'),
79
+ 'description' => $option_description,
80
 
81
  'input_type' => 'radio',
82
  'options' => array(
257
 
258
  $text = '';
259
 
260
+ $local_ip = $this->domain_get_ip();
261
+
262
  if($this->wph->server_htaccess_config === TRUE)
263
  {
264
  $text = "RewriteCond %{ENV:REDIRECT_STATUS} ^$\n";
265
+
266
+ if ( $local_ip !== FALSE )
267
+ {
268
+ $text .= "RewriteCond %{REMOTE_ADDR} !^". str_replace(".",'\.', $local_ip ) ."$\n";
269
+ }
270
+
271
  $text .= "RewriteRule ^" . $rewrite_base ." ". $rewrite_to ."?wph-throw-404 [L]";
272
  }
273
 
274
  if($this->wph->server_web_config === TRUE)
275
+ {
276
  $text = '
277
  <rule name="wph-block_wp_cron_php" stopProcessing="true">
278
+ <match url="^' . $rewrite_base . '" />';
279
+
280
+ if ( $local_ip !== FALSE )
281
+ {
282
+ $text .= '
283
+ <conditions>
284
+ <add input="{REMOTE_ADDR}" pattern="^'. str_replace(".",'\.', $local_ip ) . '$" ignoreCase="true" negate="true" />
285
+ </conditions>';
286
+ }
287
+
288
+ $text .= '
289
  <action type="Rewrite" url="'. $rewrite_to .'?wph-throw-404" />
290
  </rule>
291
  ';
292
+ }
293
 
294
  $processing_response['rewrite'] = $text;
295
 
410
 
411
  return $processing_response;
412
  }
413
+
414
+
415
+ /**
416
+ * Return curent domain reversed ip
417
+ *
418
+ */
419
+ function domain_get_ip()
420
+ {
421
+ $local_ip = FALSE;
422
+ $site_domain_parsed = parse_url( home_url() );
423
+ if ( $site_domain_parsed !== FALSE && function_exists('gethostbyname') && function_exists('ip2long') )
424
+ {
425
+ $site_domain_is_ip = ip2long( $site_domain_parsed['host'] ) === FALSE ? FALSE : TRUE;
426
+ $local_ip = gethostbyname( $site_domain_parsed['host'] );
427
+
428
+ if ( $site_domain_is_ip === FALSE && $local_ip == $site_domain_parsed['host'] )
429
+ $local_ip = FALSE;
430
+
431
+ }
432
+
433
+ return $local_ip;
434
+ }
435
+
436
  }
437
  ?>
modules/components/rewrite-wp_content_path.php CHANGED
@@ -28,7 +28,7 @@
28
  $this->module_settings[] = array(
29
  'id' => 'block_wp_content_path',
30
  'label' => __('Block wp-content URL', 'wp-hide-security-enhancer'),
31
- 'description' => __('Block default content path. Your default wp-content path is set to', 'wp-hide-security-enhancer') . ' <strong>'. $this->wph->default_variables['content_directory'] .'</strong>
32
  '. __('Apply only if <b>New Content Path</b> is not empty. It block only for non loged-in users.', 'wp-hide-security-enhancer'),
33
 
34
  'input_type' => 'radio',
28
  $this->module_settings[] = array(
29
  'id' => 'block_wp_content_path',
30
  'label' => __('Block wp-content URL', 'wp-hide-security-enhancer'),
31
+ 'description' => '<span class="important">'. __('Ensure the above option works correctly on your server before activate this.', 'wp-hide-security-enhancer') .'</span><br />'. __('Block default content path. Your default wp-content path is set to', 'wp-hide-security-enhancer') . ' <strong>'. $this->wph->default_variables['content_directory'] .'</strong>
32
  '. __('Apply only if <b>New Content Path</b> is not empty. It block only for non loged-in users.', 'wp-hide-security-enhancer'),
33
 
34
  'input_type' => 'radio',
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.nsp-code.com/
4
  Tags: wordpress hide, hide, security, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5
  Requires at least: 2.8
6
  Tested up to: 5.1.1
7
- Stable tag: 1.5.6.3
8
  License: GPLv2 or later
9
 
10
  Hide and increase Security for your WordPress site using smart techniques. No files are changed on your server. Change default admin and wp-login urls
@@ -291,6 +291,17 @@ Please get in touch with us and we'll do our best to include it for a next versi
291
 
292
  == Changelog ==
293
 
 
 
 
 
 
 
 
 
 
 
 
294
  = 1.5.6.3 =
295
  * Fix: remove javascript comments produce worng replacements on specific format.
296
 
4
  Tags: wordpress hide, hide, security, improve security, hacking, wp hide, custom login, wp-loging.php, wp-admin, admin hide, login change,
5
  Requires at least: 2.8
6
  Tested up to: 5.1.1
7
+ Stable tag: 1.5.6.7
8
  License: GPLv2 or later
9
 
10
  Hide and increase Security for your WordPress site using smart techniques. No files are changed on your server. Change default admin and wp-login urls
291
 
292
  == Changelog ==
293
 
294
+ = 1.5.6.7 =
295
+ * Allow internal cron jobs to run even if wp-cron.php is blocked.
296
+ * Check with wp_filesystem for any errors and output the messages, before attempt to write any content
297
+ * Trigger site cache clear on settings changed or code update
298
+ * Slight css updates
299
+ * Mark block option in red text for better visibility and user awareness
300
+
301
+ = 1.5.6.4 =
302
+ * Fix: Keep double quote at the start of the replacements when doing JSON matches to avoid replacing strings for other domains
303
+ * Fix: Run compatibility pachage for "ShortPixel Adaptive Images" only when plugin is active
304
+
305
  = 1.5.6.3 =
306
  * Fix: remove javascript comments produce worng replacements on specific format.
307
 
router/environment.php CHANGED
@@ -1,2 +1,2 @@
1
- <?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
2
  $environment_variable = '{"theme":{"folder_name":"twentynineteen","mapped_name":"eereer"},"allowed_paths":["F:\/htdocs\/wp-hide.dev\/wp-content\/themes"],"cache_path":"F:\/htdocs\/wp-hide.dev\/wp-content\/cache\/wph\/","wordpress_directory":"","site_relative_path":"\/"}' ?>
1
+ <?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
2
  $environment_variable = '{"theme":{"folder_name":"twentynineteen","mapped_name":"eereer"},"allowed_paths":["F:\/htdocs\/wp-hide.dev\/wp-content\/themes"],"cache_path":"F:\/htdocs\/wp-hide.dev\/wp-content\/cache\/wph\/","wordpress_directory":"","site_relative_path":"\/"}' ?>
wp-hide.php CHANGED
@@ -5,7 +5,7 @@ Plugin URI: https://www.wp-hide.com/
5
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6
  Author: Nsp Code
7
  Author URI: http://www.nsp-code.com
8
- Version: 1.5.6.3
9
  Text Domain: wp-hide-security-enhancer
10
  Domain Path: /languages/
11
  */
5
  Description: Hide and increase Security for your WordPress website instance using smart techniques. No files are changed on your server.
6
  Author: Nsp Code
7
  Author URI: http://www.nsp-code.com
8
+ Version: 1.5.6.7
9
  Text Domain: wp-hide-security-enhancer
10
  Domain Path: /languages/
11
  */